Case Management

Case Management delivers a powerful means for collecting, distributing and analyzing data tied to specific events and incidents for more effective and efficient completion of critical tasks. This fully integrated component optimizes the analyst workflow, ensuring threats do not slip through the cracks. It also allows for conclusive end-to-end threat detection and response.

Accelerate the Discovery and Qualification of Threats

  • Fully integrated Case Management throughout the analyst workflow for rapid case creation and access from any screen
  • Expedite mean-time-to-detection (MTTD) with one-click case creation and incident escalation
  • Ensure incidents are investigated and manage workload through granular case priority with discretionary access and assigned due dates

Reduce Investigation Effort and Increase Threat Recognition

  • Reduce mean-time-to-respond (MTTR) through real-time status tracking
  • Access case details from any screen
  • Manage alarms and approve SmartResponse™ actions within the case
  • Ensure a tamper-proof audit trail through complete activity history
  • Strengthen security and segregate duties through discretionary access controls
  • Increase visibility and awareness into ongoing investigations with executive dashboards

Accurate Threat Detection and Response

Problem: Often during the investigation process, whether prompted by an alarm or via an ad hoc search, an analyst may perform multiple subsequent searches to understand the nature, intent and scope of a suspicious activity to determine if the incident represents true risk to the environment.

If not organized, the data accumulated throughout these subsequent searches may be difficult to interpret, lead to an incorrect conclusion, or result in an incident slipping through the cracks.

Solution: Cases are easily created within LogRhythm and can act as a central repository of evidence tied to ongoing investigations. They can include any existing forensic data within LogRhythm, as well as external evidence such as screen captures and event data from third-party products. Case Management ensures that threats are proactively identified, prioritized based on organizational risk and rapidly investigated within the Security Intelligence Platform for streamlined incidence response.

Additional LogRhythm Benefit: Any case can be shared with other collaborators, who can also add forensic evidence and annotations to expedite threat detection and response. All activity is tracked as part of the case history, providing real-time status and a tamper-proof audit trail.

Access can be restricted for any user to ensure confidentiality. Case Management enables organizations to drastically improve the maturity and efficiency of their security operations and incident response capabilities.

Case Collaboration

Problem: In addition to a centralized repository for relevant evidence, effective incident response management requires immediate insight and easy access to all aspects of the process, including case priority, working status, case contributors, case notes, forensic discovery, etc.

Solution: LogRhythm’s Case Management allows users to assign a priority to each individual case, with a one-click process to flag any incident requiring escalation. An administrator can begin the incident response management process and quickly escalate the case for immediate collaboration with designated analysts that are given full access to all forensic data and working notes.

Additional LogRhythm Benefit: A Case Management widget delivers immediate access to all cases, including associated alarms, log evidence and notes from any screen within the web console. Users can quickly filter based on specific incidents, status, case owner and/or age for streamlined viewing to quickly add evidence from ongoing forensics to the appropriate case.